Because Government Employees Have Been Spied On, Richard Burr Wants All of Us To Be

Predictably, Richard Burr has used the news of the Office of Personnel Management hack to renew his efforts to pass CISA. Burr added it as an amendment to the National Defense Authorization Act yesterday, stating,

The recent cyber breach at the Office of Personnel Management was a serious attack on our government and we cannot continue to have citizens’ personal information needlessly exposed to foreign adversaries and criminals.  In passing the Cybersecurity Information Sharing Act with an overwhelmingly bipartisan vote of 14-1, the Committee recognized the extreme threat posed by our adversaries who, in addition to the OPM breach, have stolen hundreds of millions of Americans’ personal information in the last year alone, swiped intellectual property, and conducted attacks on our agencies.  Not only does CISA propose a solution to help address these threats, it does so in a way that works to ensure the personal privacy of all Americans. We can no longer simply watch Americans’ personal information continue to be compromised. This bill is long needed and will help us combat threats to our country and our economy.

Remember, OPM was warned in a series of IG Reports that it didn’t have adequate protection for the Federal government workers’ data it stored. Congressional overseers, like Burr, did nothing to force OPM to improve security, just as the Intelligence Committees have tried for years to get National Security agencies to provide better checks on insider threats and other security problems, but never succeeded in actually getting them to do so.

So Burr’s response to neglect is to do something else that wouldn’t prevent the OPM hack. But it would effectively gut ECPA and FOIA, all in the name of information sharing which is about the 20th most effective way to combat hacking.

This is sheer incompetence from a legislative standpoint — pushing through an ineffective solution when faced with mounting evidence it wouldn’t work, all so as to increase spying on Americans.

But then, that seems to be Burr’s aspiration: to increase spying regardless of the efficacy of it.


Both Patrick Leahy and Ron Wyden released statements in response to Burr’s move. I’m intrigued by the way they note no one has been able to see the amendments Wyden tried to push through in the committee.
Leahy:

The Intelligence Committee’s information sharing bill will affect the privacy rights of all Americans, yet it has been cloaked in secrecy. It was considered behind closed doors, without a public hearing or public debate. We cannot even read the text of amendments considered at the mark up of this legislation. Senator Burr’s information sharing bill also erodes Americans’ right to know what their government is doing by weakening the Freedom of Information Act. I am deeply concerned that the Republican Leader now wants the Senate to pass this information sharing bill without any opportunity for the kind of public debate it needs. This is not the transparent and meaningful committee process the Republican Leader promised just months ago. I agree that we must do more to protect our cybersecurity, but this information sharing bill should not be considered as a last-minute amendment to yet another bill that was negotiated and considered behind closed doors. The privacy of millions of Americans is at stake. The American people deserve an open debate about legislation that would dramatically expand the amount of information about them that companies can share with agencies throughout the federal government.

Wyden:

“Senate Republican leaders are trying to make a bad defense bill worse by adding a flawed cybersecurity bill,” Wyden said.

“If Senator McConnell insists on attaching the flawed CISA bill to unrelated legislation, I will be fighting to ensure the Senate has a full debate and a chance to offer amendments to add vital protections for American privacy and address the threats to our cybersecurity.

Cybersecurity threats demand thoughtful solutions, not half-baked efforts that don’t address the real problems. CISA would create a way for the government to obtain Americans’ information without a warrant, and without adequate protections to protect their privacy. Most security experts agree that encouraging private companies to share more information with the government would have done little if anything to prevent recent data breaches.

Marcy has been blogging full time since 2007. She’s known for her live-blogging of the Scooter Libby trial, her discovery of the number of times Khalid Sheikh Mohammed was waterboarded, and generally for her weedy analysis of document dumps.

Marcy Wheeler is an independent journalist writing about national security and civil liberties. She writes as emptywheel at her eponymous blog, publishes at outlets including the Guardian, Salon, and the Progressive, and appears frequently on television and radio. She is the author of Anatomy of Deceit, a primer on the CIA leak investigation, and liveblogged the Scooter Libby trial.

Marcy has a PhD from the University of Michigan, where she researched the “feuilleton,” a short conversational newspaper form that has proven important in times of heightened censorship. Before and after her time in academics, Marcy provided documentation consulting for corporations in the auto, tech, and energy industries. She lives with her spouse and dog in Grand Rapids, MI.

4 replies
  1. wallace says:

    Burr is the poster child for Great Moments in Authoritarianism. I’ve got $5 that says he tortured his cat as a kid. I’ve got $10 that says he crossed his fingers behind his back when he recited his oath of office. And, I’ve got $1k that says he would burn the Constitution in a new york second.

  2. phred says:

    Thanks for this post EW. I am curious, do you know what Congressional committees have oversight of OPM (and for that matter other federal agencies) IT security? Do we have any idea what technical expertise the members of these committees possess? Just curious. It’s high time we start loudly calling out the technical incompetence of members of Congress.
    .
    FWIW, I have no respect whatsoever for Wyden and have little faith that his secret little amendments will do much to restore the 4th amendment. I consider him a traitor for his vote for Fast Track Authority and seriously doubt his commitment to honor his oath of office (that bit about upholding the Constitution, which he will cheerfully sell out for a little campaign cash).
    .
    The only thing that will adequately protect digital data is strong encryption everywhere, all the time. There are no shortcuts.
    .
    But our incompetent intelligence agencies can only protect and increase their budgets by building ever larger data centers and hiring ever more people to keep an eye on what time little Susie’s soccer game is and whether or not the spouse remembers to pick up a gallon of milk on the way home from work. Nothing in our lives is too trivial for Keith Alexander’s data empire.
    .
    Until we do something about the perverse financial incentives in the federal government we will be cursed by CISA and TPP and all their mutant unconstitutional cousins crawling through the halls of Congress, eating our democracy alive from the inside out.

  3. orionATL says:

    sen. wyden is not pulling any punches. good!

    “… Cybersecurity threats demand thoughtful solutions, not half-baked efforts that don’t address the real problems. CISA would create a way for the government to obtain Americans’ information without a warrant, and without adequate protections to protect their privacy…”

Comments are closed.